The new European General Data Protection Regulation (GDPR) will be enforced in two years, but that is a relatively short period of time for businesses to assess the new requirements, evaluate existing measures and plan a path to full compliance.

Chief risk officers (CRO) will need to keep close watch on a number of strategic, operational, and external risks this year. Effective risk management and mitigation will be critical, since companies' strategies, business models, operations, reputations, and, ultimately, survival are on the line.

User provisioning platforms are at the heart of an identity management and governance infrastructure. Let’s just put it this way—if you haven’t automated your user provisioning by now to some degree, you’re doing it wrong.

Continuous compliance involves constantly reviewing processes and quickly making any necessary updates as a result of deviations from their intended performance. However, despite the fact that continuous compliance is effective at eliminating the gaps between compliance and security, it also greatly increases the complexity of managing compliance.

The phrase "Continuous Compliance" is almost meaningless without an additional reference of "Assurance." I define continuous compliance and assurance as an ongoing process of proactive risk management that delivers predictable, transparent, and cost-effective results to meet information security goals.

To prevent costly breaches such as this one from happening, Netwrix Corporation suggests the following best practices every health care organization or insurance provider should implement and maintain to ensure HIPAA compliance.

As a main area of our interest, PCI v3.0 enhances the Penetration Testing requirement by adding guidelines that help both the organizations and the auditors to better show and understand two important areas of concern in every PCI compliance effort.